MICROSOFT SECURITY RESPONSE CENTER: UPDATE ON PETYA MALWARE

The Microsoft Security Response Center has written a post to address Petya, based on their own investigation.

The MSRC talks about its origins, initial targets, which previous security patch addresses the vulnerability it leverages, and general guidance around the malware – including protection technologies to leverage in the future.

ENTERPRISE CUSTOMER GUIDANCE

The following was disseminated to our customers with Premier Support contracts.

Background

Microsoft’s antivirus software detects and protects against this ransomware. Our initial analysis found that the ransomware uses multiple techniques to spread, including ones which were addressed by a security update (MS17-010) previously provided for all platforms from Windows XP to Windows 10. We are continuing to investigate, and our support teams are fully mobilized and engaged globally to help any impacted customers.

Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/Petya. Ensure you have a definition version equal to or later than:

In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/ is designed to detect this threat as well as many others. If you use a solution from an antivirus provider other than Microsoft, please check with that company.

New guidance from the MMPC Blog

On Tuesday June 27, 2017, the Microsoft Malware Protection Center (MMPC) released a detailed analysis of the Petya Ransomware attack in a new blog post:

This MMPC blog provides the most cogent and detailed analysis available on how the malware works and guidance for network administrators and security professionals concerning how to mitigate against specific attack methods.

New guidance from the MSRC Blog

On Wednesday June 28, 2017, the Microsoft Security Response Center (MSRC) released a new blog post to provide additional insights and guidance customers can use to improve protections in the enterprise:

New guidance from the Azure Security Center Blog

On Wednesday June 28, 2017, the Microsoft Azure Security Center released a new blog discussing measures that Azure customers can take to prevent and detect Petya malware through Azure Security Center:

Recommendations

In addition to the recommendations we included in our previous alert on Tuesday, we strongly recommend reviewing the information provided in these blogs for specific steps you can take to mitigate against Petya Ransomware.

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.